
SSO Integration with Azure AD

Hey, I'm trying to set up the SSO integration with our Azure AD. On Azure I'm able to get the correct answer and to test it correctly. On the Chalk side I get: There was an error while testing your Identity Provider:
The 'email' attribute mapping is incorrect.

When I look in the Azure AD app, it's the same email as the one I'm connected with.

Do you know if there are special things to do to get this working?

Thanks,


Re: SSO Integration with Azure AD

Could be a couple different things.

 

Can you confirm the email attribute you are entering into the configuration is correct? You can check this in your metadata.xml file. 

 

The other thing it could be is your email addresses being sent from your IdP have uppercase letters in them. The email addresses coming from your IdP need to match those in the Admin Center exactly and the Admin Center stores emails in all lowercase. 


Re: SSO Integration with Azure AD

Looking into the XML, it's Email.

The email goes as follows:

<auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
<auth:DisplayName>Email</auth:DisplayName>
<auth:Description>Email address of the user.</auth:Description>
</auth:ClaimType>

 

In Azure, I see the claims being made and it's the same email entered in the portal.

 


Re: SSO Integration with Azure AD

Looks like your email attribute to enter into the SSO configuration is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Please try using that instead of 'Email' and let me know the results. 


Re: SSO Integration with Azure AD

Just tried again in an in-private session and same error 😞


Re: SSO Integration with Azure AD

Can you confirm that your IdP is sending the email address in all lowercase? Azure has a ToLower() claims transformation for this: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customi...

 

If that's all set, please PM me your company info and I'll look into this on our side.


Re: SSO Integration with Azure AD

Yes, all lowercase.

I will send you a PM with more info.

Thanks!
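
Added example (not part of the thread, and not the vendor's code): a diagnostic that reads the attributes out of a captured SAML assertion and reports which of the two causes raised in the replies applies, a wrong attribute name or a case difference in the email value. The sample assertion, the function names and the exact-match behaviour of the service provider are assumptions; it performs no signature validation and is for troubleshooting only.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample (not taken from the thread): an AttributeStatement with a mixed-case email.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute Name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def diagnose_email_mapping(assertion_xml, configured_name, stored_email):
    """Classify the outcome for a service provider that matches emails exactly (assumption)."""
    attrs = read_attributes(assertion_xml)
    if configured_name not in attrs:
        # The name entered in the SSO configuration is not in the assertion;
        # return the names that are, so the right one can be picked.
        return "attribute-not-found", sorted(attrs)
    values = attrs[configured_name]
    if stored_email in values:
        return "ok", values
    if stored_email.lower() in [v.lower() for v in values]:
        # Same address, different case: a lowercase transformation on the IdP side fixes this.
        return "case-mismatch", values
    return "value-mismatch", values
```
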
